Update actions workflow
awlayton committed Jul 14, 2021
1 parent 6fc71f8 commit 57a16c6
Showing 1 changed file with 44 additions and 58 deletions.
102 changes: 44 additions & 58 deletions .github/workflows/build-and-push-services.yml
Expand Up @@ -7,7 +7,7 @@ on:
env:
# Set to true to push images to DockerHub
# NB: images are public unless you configure DockerHub repo properly
DOCKERHUB_PUSH: 1
DOCKERHUB_PUSH: true

jobs:
setup:
Expand Down Expand Up @@ -48,9 +48,9 @@ jobs:
elif [[ $GITHUB_REF == refs/heads/* ]]; then
VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g')
# Expect for the default_branch, which gets version "next"
# Expect for the default_branch, which gets version "edge"
if [ "$VERSION" == "${{ github.event.repository.default_branch }}" ]; then
VERSION=next
VERSION=edge
fi
# PR versions are pr-<github pr number>
Expand Down Expand Up @@ -97,7 +97,7 @@ jobs:

- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1.3.0
uses: docker/setup-buildx-action@v1.5.1
with:
version: latest

Expand All @@ -118,11 +118,10 @@ jobs:
${{ runner.os }}-buildx-${{ matrix.service }}-
${{ runner.os }}-buildx-
- name: Prepare Tags
id: prepare
# TODO: Clean up this monstrosity... one day...
- name: Prepare Images
id: images
run: |
# Nameo on DockerHub (Doesn't like upper case)
# Name on DockerHub (Doesn't like upper case)
DOCKER_IMAGE=$(echo ${{ matrix.service }} | tr '[:upper:]' '[:lower:]')
# Name on GHCR
GHCR_IMAGE=ghcr.io/${DOCKER_IMAGE}
Expand All @@ -131,73 +130,55 @@ jobs:
DOCKER_IMAGE=$(echo ${{ matrix.service }} | sed 's/${{ github.repository_owner }}/${{ secrets.DOCKER_REPO }}/g')
fi
TAGS="${GHCR_IMAGE}:${{ needs.setup.outputs.version }}"
DH_TAGS="${DOCKER_IMAGE}:${{ needs.setup.outputs.version }}"
if [[ "${{ needs.setup.outputs.release }}" ]]; then
if [[ "${{ needs.setup.outputs.prerelease }}" ]]; then
TAGS="${GHCR_IMAGE}:${{ needs.setup.outputs.major }}.${{ needs.setup.outputs.minor }}.${{ needs.setup.outputs.patch }}-${{ needs.setup.outputs.prerelease }}"
DH_TAGS="${DOCKER_IMAGE}:${{ needs.setup.outputs.major }}.${{ needs.setup.outputs.minor }}.${{ needs.setup.outputs.patch }}-${{ needs.setup.outputs.prerelease }}"
# TODO: Keep old prerelease builds?
else
TAGS="$TAGS,${GHCR_IMAGE}:latest"
TAGS="$TAGS,${GHCR_IMAGE}:${{ needs.setup.outputs.major }}"
TAGS="$TAGS,${GHCR_IMAGE}:${{ needs.setup.outputs.major }}.${{ needs.setup.outputs.minor }}"
DH_TAGS="$DH_TAGS,${DOCKER_IMAGE}:latest"
DH_TAGS="$DH_TAGS,${DOCKER_IMAGE}:${{ needs.setup.outputs.major }}"
DH_TAGS="$DH_TAGS,${DOCKER_IMAGE}:${{ needs.setup.outputs.major }}.${{ needs.setup.outputs.minor }}"
fi
fi
if [ "${{ github.event_name }}" = "push" ]; then
TAGS="$TAGS,${GHCR_IMAGE}:sha-${GITHUB_SHA::8}"
DH_TAGS="$DH_TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}"
fi
if [[ "${{ env.DOCKERHUB_PUSH }}" ]]; then
TAGS="$TAGS,${DH_TAGS}"
fi
echo ::set-output name=tags::${TAGS}
echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
echo ${{ github.event.repository.license }}
echo ::set-output name=dockerhub::${DOCKER_IMAGE}
echo ::set-output name=ghcr::${GHCR_IMAGE}
- name: Login to DockerHub
if: ${{ env.DOCKERHUB_PUSH && github.event_name != 'pull_request' }}
uses: docker/login-action@v1.9.0
#if: ${{ env.DOCKERHUB_PUSH && github.event_name != 'pull_request' }}
uses: docker/login-action@v1.10.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Login to GitHub Container Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v1.9.0
#if: github.event_name != 'pull_request'
uses: docker/login-action@v1.10.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v3
with:
images: |
${{ steps.images.outputs.dockerhub }}
${{ steps.images.outputs.ghcr}}
# Don't update latest on prereleases?
flavor:
latest=${{ !!(needs.setup.outputs.release && !needs.setup.outputs.prerelease) }}
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=schedule,pattern=nightly
type=edge
type=ref,event=pr
type=sha
- name: Build and push images
uses: docker/build-push-action@v2.5.0
uses: docker/build-push-action@v2.6.1
with:
context: ${{ matrix.context }}
file: ${{ matrix.context }}/Dockerfile
platforms: linux/amd64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.prepare.outputs.tags }}
push: true
tags: ${{ steps.meta.outputs.tags }}
build-args: |
VERSION=${{ steps.prepare.outputs.version }}
BUILD_DATE=${{ steps.prepare.outputs.created }}
GIT_REF=${{ github.sha }}
SERVICE=${{ matrix.service }}
labels: |
org.opencontainers.image.title=${{ matrix.service }}
org.opencontainers.image.url=${{ github.event.repository.html_url }}
org.opencontainers.image.source=${{ github.event.repository.clone_url }}
org.opencontainers.image.version=${{ needs.setup.outputs.version }}
org.opencontainers.image.created=${{ steps.prepare.outputs.created }}
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new

Expand Down Expand Up @@ -252,17 +233,22 @@ jobs:
DOCKER_IMAGE=$(echo ${{ matrix.service }} | sed 's/${{ github.repository_owner }}/${{ secrets.DOCKER_REPO }}/g')
fi
TAG="${GHCR_IMAGE}:next"
TAG="${GHCR_IMAGE}:edge"
if [[ "${{ needs.setup.outputs.release }}" ]]; then
if [[ "${{ needs.setup.outputs.prerelease }}" ]]; then
TAG="${GHCR_IMAGE}:next"
TAG="${GHCR_IMAGE}:edge"
else
TAG="${GHCR_IMAGE}:latest"
fi
fi
echo ::set-output name=tag::${TAG}
echo ::set-output name=org::${OWNER}
# Allow overriding Snyk org if different from GitHub?
if [[ "${{ secrets.SNYK_ORG }}" ]]; then
echo ::set-output name=org::${{ secrets.SNYK_ORG }}
else
echo ::set-output name=org::${OWNER}
fi
echo ::set-output name=cur::${GHCR_IMAGE}:sha-${GITHUB_SHA::8}
- name: Monitor Service image with Snyk
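Review bot: With the `if: github.event_name != 'pull_request'` guards commented out on both login steps and `push:` changed to a literal `true`, the build job logs in and publishes on every event. If this workflow also runs on pull requests (the `type=ref,event=pr` tag rule suggests it does), images built from unreviewed branch code are pushed to GHCR and DockerHub, and fork PRs, which receive no secrets, will presumably fail at the login step. As far as the page shows, `DOCKERHUB_PUSH` is no longer read anywhere in the new code: the DockerHub login is unconditional and `steps.images.outputs.dockerhub` is always listed under `images:`, which matters given the header comment that those images are public by default. I would restore `if: github.event_name != 'pull_request'` on the logins (with `env.DOCKERHUB_PUSH &&` on the DockerHub one) and `push: ${{ github.event_name != 'pull_request' }}`, and list the DockerHub image only when the switch is set. Separately, `docker/metadata-action@v3` is a floating major tag while the other actions are pinned to exact versions; pinning it the same way, or to a commit SHA, keeps the build inputs reviewable.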
